the iso fixes are important as I had to mitigate the possible publicly reported iso attack vector of putting a different image header in the system area of the iso file before i could enable iso support.
the side effect of that is preventing having multiple formats in a single file for all file formats.
so that is a separate hardening opportunity that was not covered by either cve and has been mitigated as part of the regression fix.
it does not change the scope of this CVE but its still important to improve the security posture.
the iso fixes are important as I had to mitigate the possible publicly reported iso attack vector of putting a different image header in the system area of the iso file before i could enable iso support.
the side effect of that is preventing having multiple formats in a single file for all file formats.
so that is a separate hardening opportunity that was not covered by either cve and has been mitigated as part of the regression fix.
it does not change the scope of this CVE but its still important to improve the security posture.